Installing System Root Certificate

This interface installs a system-level root certificate on your Android device and is compatible with all Android versions. You might be unsure how this root certificate differs from FIRERPA’s encryption certificate. The FIRERPA encryption certificate encrypts the communication traffic between FIRERPA and you, while the root certificate referred to here is a root certificate built into the Android system. The system uses it for the encryption and decryption of HTTPS and other related traffic. If you are familiar with packet capture, this is the certificate used for packet capture. You can implement man-in-the-middle packet capture by combining this chapter’s interface with the proxy-setting interface. You can also use our packaged startmitm.py; this chapter only introduces the underlying basic function.

Preparation

Please make sure you have the certificate from Fiddler or mitmproxy ready. For mitmproxy, use mitmproxy-ca-cert.pem. For Fiddler, the certificate may be in crt format, and you should be able to export this file from Fiddler. Just provide the file path as the parameter; you do not need to worry about file name conversion. To avoid wasting time, we recommend mitmproxy. If you use Charles or a similar tool, we cannot guarantee that setup will succeed on the first attempt, because such applications have more complex configuration options and you may need to understand the various types to configure HTTPS man-in-the-middle correctly. If you must use Charles, we recommend using its socks5 as the proxy protocol.

Installing Root Certificate

With the path of your prepared certificate file, you can call the following interface directly to install mitmproxy’s root certificate. Once installed, the certificate persists and does not need to be reinstalled.

d.install_ca_certificate(cert_path)

Uninstalling Root Certificate

You can call the following code to remove the custom root certificate installed on the device. We do not recommend installing and uninstalling frequently; if it is not necessary, you do not need to call this interface.

d.uninstall_ca_certificate(cert_path)

The complete code is as follows (we will not repeat the instantiation of the d device instance):

import os

# Construct the path of the mitmproxy-ca-cert.pem file
HOME = os.path.expanduser("~")
cert_path = os.path.join(HOME, ".mitmproxy", "mitmproxy-ca-cert.pem")
# Taking mitmproxy as an example, use the following code to install the certificate
d.install_ca_certificate(cert_path)

# Use the following code to uninstall the certificate
d.uninstall_ca_certificate(cert_path)

This installation and uninstallation interface is universal: you can use it to install any certificate that an application requires, including those required by Fiddler or Charles. Just provide the file path. To capture packets, refer to the Setting Proxy chapter and set the proxy to the address on which the man-in-the-middle application listens.
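Because the installed certificate persists in the device trust store, it helps to record exactly which CA was added before calling d.install_ca_certificate. The following is an added example, not FIRERPA code: it accepts either the PEM file from mitmproxy or a DER-encoded crt export, and returns the SHA-256 fingerprint plus the `<subject_hash_old>.0` file name that Android's system CA directory uses for a certificate with that subject. The helper names and the sample bytes are constructed for illustration, and whether FIRERPA stores the file under that name is not stated on this page.

```python
import base64, hashlib, re

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def load_der(data):
    """Accept PEM (mitmproxy-ca-cert.pem) or raw DER (.crt export); return DER."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def subject_der(der):
    """Return the encoded subject Name of an X.509 certificate."""
    tag, pos, _ = _tlv(der, 0)                       # Certificate
    tag2, pos, _ = _tlv(der, pos)                    # tbsCertificate
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                                  # optional [0] version
        pos = end
    for _ in range(4):                               # serial, sigalg, issuer, validity
        _, _, pos = _tlv(der, pos)
    _, _, end = _tlv(der, pos)
    return der[pos:end]

def describe(data):
    """Fingerprint plus the <subject_hash_old>.0 name used in Android's system CA directory."""
    der = load_der(data)
    h = int.from_bytes(hashlib.md5(subject_der(der)).digest()[:4], "little")
    return {"sha256": hashlib.sha256(der).hexdigest(), "store_name": "%08x.0" % h}

# Constructed sample: a certificate-shaped DER skeleton (no key, no signature).
def _der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body            # short-form length only

SAMPLE_NAME = _der(0x30, _der(0x31, _der(0x30, bytes.fromhex("0603550403"), _der(0x0C, b"demo CA"))))
_TIME = _der(0x17, b"250101000000Z")
SAMPLE_DER = _der(0x30, _der(0x30, bytes.fromhex("a003020102"), _der(0x02, b"\x01"),
                             bytes.fromhex("300d06092a864886f70d01010b0500"),
                             SAMPLE_NAME, _der(0x30, _TIME, _TIME), SAMPLE_NAME))

if __name__ == "__main__":
    print(describe(SAMPLE_DER))   # with a real file: describe(open(cert_path, "rb").read())
```

Keep the recorded fingerprint with your test notes so that, after d.uninstall_ca_certificate, you can confirm the same CA is no longer trusted on the device.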